The problem I had initially with getting this to work was that I kept getting authentication failures .. the classic "Cannot connect due to insufficient or empty credentials". I kept seeing this even though com.ibm.ws.admin.client_7.0.0.jar was in my classpath and I had correctly a correctly populated sas.client.props file. They key to this problem was that (strangely enough) the com.ibm.CORBA package (used when you set com.ibm.CORBA.ConfigURL as a JVM param - see below) which is NOT in com.ibm.ws.admin.client_7.0.0.jar !!!
This meant that the JVM param I refer to (i.e com.ibm.CORBA.ConfigURL) was being ignored and the sas.client.props file wasn't being read.... no wonder I wasn't authenticating!
So, I thought to myself, this is easy enough, I just need to find that JAR that does contain the com.ibm.CORBA package. At this timely point, my colleague Jeff leaned over and said "Why don't you just use an IBM runtime, I bet this will work" .... I said that this wasn't logical because surely I just needed to find the right JAR... but I was running low on time, so I reluctantly plugged in the IBM runtime and it sprung into life. Great stuff, it works, but I would have preferred not to be forced into having to use the IBM runtime
... all a bit too mysterious and black boxy for my liking ... I must return to solve it properly one day, not that I'm OCD or anything :-)
So, moving on....
Assuming you have an X-Window server running, the example script below will let you wield all sorts of power over your WAS Cell.
$HOST is the Deployment Manager
$PORT can be the Deployment Manager's RMI port or it's ORB Port.
#!/bin/bash export BASE=/opt/bpm ex port JAVA_HOME=${BASE}/java export CLASSPATH=${JAVA_HOME}/lib/jconsole.jar export CLASSPATH=${CLASSPATH}:${JAVA_HOME}/lib/tools.jar export CLASSPATH=${CLASSPATH}:${BASE}/runtimes/com.ibm.ws.admin.client_7.0.0.jar export HOST=saturnbpm.stack1.com export PORT=11004 export DISPLAY=<your desktop IP>:0 export JCP=java.class.path=${CLASSPATH} export CLIENTSSL=com.ibm.SSL.ConfigURL="file:${BASE}/bob/ssl.client.props" export CLIENTSAS=com.ibm.CORBA.ConfigURL="file:${BASE}/bob/sas.client.props" export JMXURL=service:jmx:iiop://${HOST}:${PORT}/jndi/JMXConnector ${JAVA_HOME}/bin/jconsole -J-Djavax.net.debug=ssl \ -J-D${JCP} -J-D${CLIENTSSL} -J-D${CLIENTSAS} $JMXURL
sas.client.props
com.ibm.CORBA.securityEnabled=true
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
# com.ibm.CORBA.loginSource can be set to prompt, stdin or properties
# If properties is specified you'll need to also specify
# com.ibm.CORBA.loginUserid and com.ibm.CORBA.loginPassword
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=admin
com.ibm.CORBA.loginPassword={xor}< Your XOR'd password >
com.ibm.CORBA.requestTimeout=180
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.authenticationRetryCount=3
ssl.client.props
com.ibm.ssl.defaultAlias=DefaultSSLSettings
com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol=SSL_TLS
com.ibm.ssl.trustManager=IbmPKIX
com.ibm.ssl.enableSignerExchangePrompt=gui
com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
com.ibm.ssl.trustStore=myTrustStore.p12
com.ibm.ssl.trustStorePassword={xor}< The XOR'd password of your SSL truststore>
com.ibm.ssl.trustStoreType=PKCS12
com.ibm.ssl.trustStoreProvider=IBMJCE
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.trustStoreReadOnly=false
No comments:
Post a Comment